“NoSuchMethodErrors” due to multiple versions of commons-codec:commons-codec:jar

[Bing-ok]

Issue description

Hi, there are multiple versions of commons-codec:commons-codec in pacbot\commons\pac-batch-commons. As shown in the following dependency tree, according to Maven's “nearest wins” strategy, only commons-codec:commons-codec:1.2 can be loaded, commons-codec:commons-codec:1.10 and commons-codec:commons-codec:1.11 will be shadowed.

However, one method defined in shadowed version commons-codec:commons-codec:1.11 is referenced by client project via org.apache.httpcomponents:httpclient:4.5.9, but missing in the actually loaded version commons-codec:commons-codec:1.2.

For instance, the following missing method(defined in commons-codec:commons-codec:1.11) is actually referenced by pacbot\commons\pac-batch-commons, which will introduce a runtime error(i.e., "NoSuchMethodErrors") into pacbot\commons\pac-batch-commons.
Missing method:org.apache.commons.codec.binary.Base64: void init (int) is invoked by pacbot\commons\pac-batch-commons via the following path:

paths------
<com.tmobile.pacman.commons.utils.CommonUtils: java.lang.String doHttpPost(java.lang.String,java.lang.String,java.lang.String)> pacbot\commons\pac-batch-commons\target\classes
<org.apache.http.impl.client.CloseableHttpClient: org.apache.http.HttpResponse execute(org.apache.http.client.methods.HttpUriRequest)>> Repositories\org\apache\httpcomponents\httpclient\4.5.9\httpclient-4.5.9.jar
<org.apache.http.impl.client.CloseableHttpClient: org.apache.http.client.methods.CloseableHttpResponse execute(org.apache.http.client.methods.HttpUriRequest)> Repositories\org\apache\httpcomponents\httpclient\4.5.9\httpclient-4.5.9.jar
<org.apache.http.impl.client.CloseableHttpClient: org.apache.http.client.methods.CloseableHttpResponse execute(org.apache.http.client.methods.HttpUriRequest,org.apache.http.protocol.HttpContext)> Repositories\org\apache\httpcomponents\httpclient\4.5.9\httpclient-4.5.9.jar
<org.apache.http.impl.client.InternalHttpClient: org.apache.http.client.methods.CloseableHttpResponse doExecute(org.apache.http.HttpHost,org.apache.http.HttpRequest,org.apache.http.protocol.HttpContext)> Repositories\org\apache\httpcomponents\httpclient\4.5.9\httpclient-4.5.9.jar
<org.apache.http.impl.execchain.MainClientExec: org.apache.http.client.methods.CloseableHttpResponse execute(org.apache.http.conn.routing.HttpRoute,org.apache.http.client.methods.HttpRequestWrapper,org.apache.http.client.protocol.HttpClientContext,org.apache.http.client.methods.HttpExecutionAware)> Repositories\org\apache\httpcomponents\httpclient\4.5.9\httpclient-4.5.9.jar
<org.apache.http.impl.auth.HttpAuthenticator: void generateAuthResponse(org.apache.http.HttpRequest,org.apache.http.auth.AuthState,org.apache.http.protocol.HttpContext)> Repositories\org\apache\httpcomponents\httpclient\4.5.9\httpclient-4.5.9.jar
<org.apache.http.impl.auth.HttpAuthenticator: org.apache.http.Header doAuth(org.apache.http.auth.AuthScheme,org.apache.http.auth.Credentials,org.apache.http.HttpRequest,org.apache.http.protocol.HttpContext)> Repositories\org\apache\httpcomponents\httpclient\4.5.9\httpclient-4.5.9.jar
<org.apache.http.impl.auth.BasicScheme: org.apache.http.Header authenticate(org.apache.http.auth.Credentials,org.apache.http.HttpRequest,org.apache.http.protocol.HttpContext)> Repositories\org\apache\httpcomponents\httpclient\4.5.9\httpclient-4.5.9.jar
<org.apache.commons.codec.binary.Base64: void init (int)> 

Suggested fixing solutions:

1. Declare a direct dependency commons-codec:commons-codec:1.11 in the pom file of pacbot\commons\pac-batch-commons to upgrade version from 1.2 to 1.11.
2. Use configuration attribute <dependencyManagement> to unify the version of library commons-codec:commons-codec to be 1.11 in pacbot\commons\pac-batch-commons's pom file.
3. Use <exclude> to exclude commons-codec:commons-codec:1.2 from the dependency tree, so version 1.11 will be loaded.

Please let me know which solution do you prefer? I can submit a PR to fix it.

Thank you very much for your attention.
Best regards,

Dependency tree----

[INFO] com.tmobile.cloud:batch-commons:jar:1.0.0-SNAPSHOT
[INFO] +- com.microsoft.azure:azure:jar:1.22.0:compile
[INFO] |  +- com.microsoft.azure:azure-client-authentication:jar:1.6.4:compile
[INFO] |  |  +- (commons-codec:commons-codec:jar:1.11:compile - omitted for conflict with 1.2)
[INFO] |  |  \- com.microsoft.azure:adal4j:jar:1.6.2:compile
[INFO] |  |     \- (commons-codec:commons-codec:jar:1.11:compile - omitted for duplicate)
[INFO] |  \- com.microsoft.azure:azure-mgmt-keyvault:jar:1.22.0:compile
[INFO] |     \- com.microsoft.azure:azure-keyvault:jar:1.0.0:compile
[INFO] |        \- com.microsoft.azure:azure-keyvault-webkey:jar:1.0.0:compile
[INFO] |           \- (commons-codec:commons-codec:jar:1.10:compile - omitted for conflict with 1.11)
[INFO] +- com.amazonaws:aws-java-sdk-efs:jar:1.11.636:compile
[INFO] |  \- com.amazonaws:aws-java-sdk-core:jar:1.11.636:compile
[INFO] |     \- org.apache.httpcomponents:httpclient:jar:4.5.9:compile
[INFO] |        \- (commons-codec:commons-codec:jar:1.11:compile - omitted for duplicate)
[INFO] \- commons-httpclient:commons-httpclient:jar:3.1:compile
[INFO]    \- commons-codec:commons-codec:jar:1.2:compile

[Bing-ok]

@sajeer-nooh Could you please help me review this issue? Thank you very much.

[kaykumar]

@Bing-ok Please use method # 2, thanks.

[marshmallowrobot]

@kaykumar Why hasn't this submission been merged yet? Here we have someone that was kind enough to help us out, and yet we've let them down.

If there are any issues, please communicate them!